﻿using System.Data;
using CodeCrawler.UI.Engine.KeyPointersScan.ValidationSteps.Stage1;
using OWASP.CodeReview.CodeCrawler.Engine;
using OWASP.CodeReview.CodeCrawler.Enums;
using System.Text.RegularExpressions;

// Alessio Marziali
// www.cyphersec.com
// Last Update : April 03 2010

// This is the very core of the application where the code is evaluated on a line basis
namespace CodeCrawler.UI.Engine.KeyPointersScan {
    /// <summary>
    /// OWASP Code Review Project Provider
    /// </summary>
    public class ThreatCollection
    {
        /// <summary>
        /// This is the very core of the application where the code is evaluated on a line basis
        /// </summary>
        /// <param name="lineCode"></param>
        /// <param name="codeCrawlerKeyPointersDatabase"></param>
        /// <param name="currentLineOfCode"></param>
        /// <returns></returns>
        public Threat ParseLineOfCode(string lineCode, DataSet codeCrawlerKeyPointersDatabase, int currentLineOfCode) {
            
            // Various Comment tokens for different languages
            int indexComment1 = lineCode.Trim().IndexOf(@"/");      // C#
            int indexComment2 = lineCode.Trim().IndexOf(@"*");      // C#
            int indexComment3 = lineCode.Trim().IndexOf(@"'");      // VB like
            int indexComment4 = lineCode.Trim().IndexOf(@"#");      // C# Regions

            if ((indexComment1 != 0) && 
                (indexComment2 != 0) && 
                (indexComment3 != 0) && 
                (indexComment4 != 0)) {

                    foreach (DataRow threatInCatalog in codeCrawlerKeyPointersDatabase.Tables[0].Rows) {
                        // Stage 1 (Deep Search)
                        Threat stage1Result = Stage1.DeepSearch(threatInCatalog, lineCode, currentLineOfCode);
                        if (stage1Result!= null) { return stage1Result; }
                    }
                }
            return null;
        }

        /// <summary>
        /// Add Threat Item
        /// </summary>
        /// <param name="ThreatObject"></param>
        /// <param name="DataSetToFill"></param>
        public void AddThreatItem(Threat ThreatObject, DataTable DataSetToFill)
        {
            if (DataSetToFill != null)
            {
                DataRow threatItem = DataSetToFill.NewRow();
                threatItem[0] = ThreatObject.Name;
                threatItem[1] = ThreatObject.Description;
                threatItem[2] = ThreatObject.Level;
                threatItem[3] = ThreatObject.LineOfCode;
                threatItem[4] = ThreatObject.OwaspGuideLines;

                DataSetToFill.Rows.Add(threatItem);
            }
        }


        /// <summary>
        /// Return a DataRow Object filled with threat details
        /// </summary>
        /// <returns></returns>
        internal Threat ThreatObject(DataRow DatabaseReference, int LineOfCode)
        {
            var _lineOfCode = new Threat();
            _lineOfCode.Name = DatabaseReference[0].ToString();

            if (!string.IsNullOrEmpty(_lineOfCode.Name))
            {
                switch (int.Parse(DatabaseReference[1].ToString()))
                {
                    case 1:
                        _lineOfCode.Level = ThreatLevel.Green;
                        break;

                    case 2:
                        _lineOfCode.Level = ThreatLevel.Yellow;
                        break;

                    case 3:
                        _lineOfCode.Level = ThreatLevel.Red;
                        break;
                }
            }

            _lineOfCode.LineOfCode = LineOfCode;
            _lineOfCode.Description = DatabaseReference[2].ToString();
            _lineOfCode.OwaspGuideLines = DatabaseReference[4].ToString();
            return _lineOfCode;
        }
    }
}